Crown-Commercial-Service · drewhemm · Mar 11, 2024 · Mar 7, 2024
diff --git a/resource-groups/rds-postgres/main.tf b/resource-groups/rds-postgres/main.tf
@@ -4,34 +4,35 @@ resource "aws_db_subnet_group" "subnet_group" {
 }
 
 resource "aws_db_instance" "db" {
-  allocated_storage               = var.allocated_storage_gb
-  auto_minor_version_upgrade      = false
-  allow_major_version_upgrade     = false
-  apply_immediately               = var.apply_immediately
-  backup_retention_period         = var.backup_retention_period_days
-  db_name                         = var.db_name # NB Postgres db names use underscores, not hyphens
-  db_subnet_group_name            = aws_db_subnet_group.subnet_group.name
-  enabled_cloudwatch_logs_exports = ["postgresql"]
-  engine                          = "postgres"
-  engine_version                  = var.postgres_engine_version
-  final_snapshot_identifier       = var.skip_final_snapshot ? null : var.final_snapshot_identifier
-  identifier                      = var.db_name # NB RDS identifiers use hyphens, not underscores
-  instance_class                  = var.db_instance_class
-  iops                            = var.storage_iops
-  monitoring_interval             = var.monitoring_interval
-  monitoring_role_arn             = var.monitoring_role_arn
-  multi_az                        = true
-  password                        = random_password.db.result
-  parameter_group_name            = var.parameter_group_name
-  performance_insights_enabled    = var.performance_insights_enabled
-  port                            = var.postgres_port
-  publicly_accessible             = false
-  skip_final_snapshot             = var.skip_final_snapshot
-  storage_encrypted               = true
-  storage_throughput              = var.storage_throughput
-  storage_type                    = var.storage_type
-  username                        = var.db_username
-  vpc_security_group_ids          = [aws_security_group.db.id]
+  allocated_storage                   = var.allocated_storage_gb
+  auto_minor_version_upgrade          = false
+  allow_major_version_upgrade         = false
+  apply_immediately                   = var.apply_immediately
+  backup_retention_period             = var.backup_retention_period_days
+  db_name                             = var.db_name # NB Postgres db names use underscores, not hyphens
+  db_subnet_group_name                = aws_db_subnet_group.subnet_group.name
+  enabled_cloudwatch_logs_exports     = ["postgresql"]
+  engine                              = "postgres"
+  engine_version                      = var.postgres_engine_version
+  final_snapshot_identifier           = var.skip_final_snapshot ? null : var.final_snapshot_identifier
+  iam_database_authentication_enabled = var.iam_database_authentication_enabled
+  identifier                          = var.db_name # NB RDS identifiers use hyphens, not underscores
+  instance_class                      = var.db_instance_class
+  iops                                = var.storage_iops
+  monitoring_interval                 = var.monitoring_interval
+  monitoring_role_arn                 = var.monitoring_role_arn
+  multi_az                            = true
+  password                            = random_password.db.result
+  parameter_group_name                = var.parameter_group_name
+  performance_insights_enabled        = var.performance_insights_enabled
+  port                                = var.postgres_port
+  publicly_accessible                 = false
+  skip_final_snapshot                 = var.skip_final_snapshot
+  storage_encrypted                   = true
+  storage_throughput                  = var.storage_throughput
+  storage_type                        = var.storage_type
+  username                            = var.db_username
+  vpc_security_group_ids              = [aws_security_group.db.id]
 }
 
 resource "aws_security_group" "db" {

diff --git a/resource-groups/rds-postgres/variables.tf b/resource-groups/rds-postgres/variables.tf
@@ -38,6 +38,12 @@ variable "final_snapshot_identifier" {
   default     = "final-snapshot"
 }
 
+variable "iam_database_authentication_enabled" {
+  description = "Whether to enable IAM database authentication"
+  type        = bool
+  default     = false
+}
+
 variable "monitoring_interval" {
   type        = number
   default     = 0
@@ -51,8 +57,8 @@ variable "monitoring_role_arn" {
 }
 
 variable "parameter_group_name" {
-  type = string
-  default = null
+  type        = string
+  default     = null
   description = "Name of Parameter Group to use"
 }